Smart Card Security

Xufen Gao
CS 265 Spring, 2004 San Jose State University

Overview
Introduction Security Technologies
Physical structure and life cycle Communication with the outside world Operating system

Attacks on Smart Card Conclusion

Introduction
Smart

card is a credit card sized plastic card embeds an integrated circuit chip.

Smart card provides memory capacity and computational capabilities.

It is used in the applications that require high security protection and authentication.

Introduction (Cont.)
Main applications of smart card
Credit/debit card Medical card Identification card Entertainment card Voting card

Security Technologies
Three Points of Views
Physical Structure and Life Cycle Communication with Outside World Operating System

Physical Structure
Three basic elements
A plastic card A printed circuit An integrated circuit chip

Life Cycle of the Smart Card

Five phases in smart cards life cycle
Fabrication phase Pre-personalization phase

Personalization phase Utilization phase End-of-lift phase

Every phase has its own limitations on transferring and accessing data

Fabrication Phase
The chip manufacturer makes and tests the integrated circuit chip A unique fabrication key (FK) is added to prevent chip from modifying
FK stays in the chip until it is assembled into the plastic card FK is derived from a master manufacture key

Pre-personalization Phase

Controlled by the card suppliers Circuit chip is mounted on the plastic card A personalization key (PK) replaces the fabrication key A personalization lock VPER is set to prevent further modification The card only can accessed by the logical memory addressing

Personalization Phase

Card issuer writes the data files and application data to the card Stores identity of card holder, PIN, and unblocking PIN Set a utilization lock VUTIL to indicate the card is in the utilization phase

Utilization Phase

For normal use of the card by the card holder Application system and logical file access controls are available There are application security policies to rule the access of the information

End-of-Life Phase

Also called invalidation phase There are two ways to move the card into this phase

Set an invalidation lock to an individual or master file.

Operating system disables all operations except read for analysis Operating system disables all operations including read

Block all the PINs to disable all operations

Communication with Outside World

Smart card usually needs external peripherals to cooperate

e.g. needs to connect to card acceptor device to obtain power and input/output information

The untrusted external peripherals reduce the security

Communication with Outside World (Cont.)

To prevent massive data attack

Data exchange limits to 9600 bits/second Use half duplex mode

Mutual authentication protocol is used between smart card and CAD Use message authentication code (MAC) to protect integrity

Authentication between Smart Card and CAD

Smart Card Card Acceptor Device (CAD)
1. 2.
3. Smart card encrypts rs with Ksc and compares it with the data received from CAD

rs rs encrypted with Ksc

4. 5.

rc rc encrypted with Ksc

6. CAD encrypts rc with Ksc and compares it with the data received from smart card

Operating System

Logical File Structure

Access Controls

Logical File Structure

Files are in a hierarchal tree form
Master file (MF) Dedicated file (DF)

Elementary file (EF)

Every file has header and body

Header consists security attributes to indicate users rights

Body stores all the headers of its immediate children or data

Application can access files only it has the appropriate right

Access Controls

Depends on the correct presentation of PIN and their management 5 Levels of access conditions

Always (ALW) Card holder verification 1 (CHV1) Card holder verification 1 (CHV1) Administrative (ADM) Never (NEV)

PIN presentation and management

Counter Maximum number Unblocking PIN

Attacks on Smart Card

Logical attacks

Control the voltage or temperate on EEPROM

Physical attacks

Wash away the surface of circuit chip and Examine it Use UV light

Logical and physical attacks are expensive. They are only available in well-funded laboratories.

Attacks on Smart Cart (Cont.)

Functional attacks

Smart card consists five parties

Cardholder, terminal, data owner, card issuer, card manufacturer, and software manufacturer

There are potential attacks between any two parties Solutions

Use strong cryptographic protocols to increase tamper resistance Reduce the party number Make the system more transparent Consider the security issue at the beginning of the system design

Conclusion

Smart card uses integrated circuit chip rather than magnetic strip to store data Smart card can be programmed to compute the cryptographic keys Smart card is a good device to store important information

Private key Account numbers Biometrics information

Smart card has weakness, but it is secure enough for present requirements

Q&A

???